Was just reading about a new trojan out there that encrypts all your docs, pics, PDFs, etc., etc. They threaten deletion of all your files unless the ransom is paid. Also, if you enter one wrong passcode it will automatically delete all the files. Not good! As of my reading so far, there is no fix for it! There is a tool I saw on Panda that will decrypt only certain file types, and they give you more details about it on their site (click here). There was also a claim that Kaspersky had a fix, but I am not sure about that though. BriTec made a video (click here) showing how to intercept the decrypt password using Wireshark, but also says the password keeps changing so it's of no real help. I don't know if anyone else has seen this yet, but if anyone hears of a fix please post back for all.

There is a new nasty hitting the Web aimed at Office documents using what appears to be an Adobe PDF exploit, even though this last part is still to be confirmed. It does this when you visit a compromised site and when launched will look for a wide range of media files, JPEG images, MPEG audio files, as well as all Microsoft Office files. The attack, which Sophos has identified as Troj/Ransom-U, changes the user’s Windows desktop wallpaper to deliver the first part of the ransom message, which tells the user their files have been encrypted. It adds that they must act quickly to get their files decrypted, and must not tell anyone about the attack.

OK, still doing research on this issue. I have personally not seen it yet, just trying to stay informed and ready. Found an article posted from Tuesday, 25 June 2013 by Tomas Meskauskas labeled - Everything on your computer has been fully encrypted - Virus, but I have a couple of issues with this. Trying to seek out advice on this one. I read the article and it uses "Spyhunter 4.0", which I remembered from a while back as having bad reviews. Correct me if I am wrong on this one please. Then he recommends you download this decryption tool from the Emsisoft Development Team. I went to the site and could not find this tool. I dunno, the hairs on my neck are twitching here. Anyone familiar with this site, article, or the programs he is using to fix this issue? Anyone hear anything about this encryption ransom issue?

Thanks
Mike

OK, well apparently that decryption tool is valid. I saw that BriTec amended it to his last video. Link to the tool is confirmed:

http://tmp.emsisoft.com/fw/decrypt_birele.zip = Emsisoft Decrypter

Also it looks like Malwarebytes/HitManPro can now clean the virus, but then afterwards you still need to run this tool to decrypt your files.

I also found a video he made recently to demonstrate how it's done @ http://www.youtube.com/watch?v=4NXZj7UzhVs

In the video he also provided a key - "encryptkey1111111111111111111111" (I believe it was 22 ones)

Still think Spyhunter should be avoided. One review I read said it captured 7 out of 314 possible infections on a test machine. OK, well I hope this helps someone out there. Couldn't imagine what it would be like to have all your data encrypted, with the threat of deletion.

Mike

Today a client asked me if I can remove the Trojan Kryptik ransomware (as identified by Malwarebytes). Disinfecting was simple; my only problem is that all the MS Office documents and PDF files are encrypted. Excel, Word and PDF files would open with this warning: “File is in a different format than specified by the file extension”

The document file names and their extensions had not been altered, which suggests that the encryption used is a variant of the same ransomware mentioned in GEGeek's post. I ran the recommended decrypt tools from Emsisoft and Panda on the affected documents and had no success, as they are designed for a different version of encryption.

Unfortunately the prognosis for this infection isn’t good; the encryption level used by some of these variants is impossible to reverse engineer. Some are even saying pay the ransom if you are running a business because it’s the only option at the moment.

There is a solution posted on the Technibble forum that doesn’t decrypt the files; it extracts the shadow copies using software called ShadowExplorer. This worked for me and I got the files back this time! http://www.shadowexplorer.com/downloads.html

Shadow Copy

From time to time, Windows Vista / 7 / 8 creates point-in-time copies of your files. This allows you to retrieve older versions from files you accidentally deleted or altered. This service is turned on by default on all versions of Windows Vista/7, but Microsoft grants access to these copies only in Ultimate, Business, and Enterprise editions. This is where ShadowExplorer comes into play. For more information on Shadow Copy, visit Microsoft's website.
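Added example (not part of any post in this thread, and not code from the tools mentioned): because this variant leaves file names and extensions unchanged, a sweep that compares each file's leading bytes against the signature its extension implies gives an inventory of what to pull back from shadow copies. The signatures are the standard ones for these formats; the sample files and function names are constructed for illustration, and a mismatch only shows the header is wrong, not why.

```python
import os
import tempfile

# Leading "magic" bytes each format is expected to start with.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt
ZIP = b"PK\x03\x04"                           # .docx/.xlsx/.pptx containers
SIGNATURES = {
    ".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
}

def header_matches(path):
    """Return True/False for known extensions, None for ones not checked."""
    ext = os.path.splitext(path)[1].lower()
    magic = SIGNATURES.get(ext)
    if magic is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(1024)
    if ext == ".pdf":
        # PDF readers tolerate leading junk, so look in the first 1 KiB.
        return magic in head
    return head.startswith(magic)

def find_mismatches(root):
    """Walk root and list files whose content does not match their extension."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if header_matches(path) is False:
                    suspects.append(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return sorted(suspects)

def build_sample_tree():
    """Constructed sample data: two intact files, two with scrambled headers."""
    root = tempfile.mkdtemp(prefix="triage_")
    samples = {
        "report.pdf": b"%PDF-1.4\n...", "budget.xlsx": ZIP + b"\x14\x00",
        "letter.doc": b"\x8f\x13\xa2\x07\x55\xe1\x9c\x00",
        "scan.pdf": b"\x01\x02\x03\x04", "notes.txt": b"not checked",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for p in find_mismatches(build_sample_tree()):
        print("header does not match extension:", p)
```

Run it against a copy or a read-only mount of the user's data after disinfection, and compare the list with what ShadowExplorer can restore.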

Yeah, after reading around I used d7 on a CD, ran kill'em all (ran a few times making sure that the infections would not start back up; this one did not), Shadow Explorer to restore folders to an external HDD, and am now running Malwarebytes. So far so good.

@ GEGeek, I didn’t see any mention of the decryption tool you posted in the description from them on how it works. However, I didn’t notice a date on it either. Where did you find that link? Was there any information where you found it?

Bill